Trinity Exploit - Emulator Escape
Trinity is the third public jailbreak for the PS Vita™, which supports the latest firmwares 3.69 and 3.70. The exploit chain consists of three stages: the MIPS Kernel Exploit, the PSP Emulator Escape and the ARM Kernel Exploit.
A technical explanation of the Trinity exploit chain is available here.
If you have already done the preparation, you can skip this part and go to the Installation
section.
If you're on firmware 3.69, you have two options:
212.47.229.76
(go to Settings → Network → Wi-Fi Settings → Your access point → Advanced Settings and set DNS Settings to Manual and Primary DNS to 212.47.229.76
).Register a PSN account if you don't have one yet (note that only 3 devices can be activated using the same account).
Download and install any PSP/minis game (PS Vita or PS one Classics do not work). There are demos in most regions (if you know a title that is not listed here, please let me know):
Unfortunately, if you can't find a demo in your region, you must either buy any PSP/minis game, or register a new PSN account in one of the regions listed above.
Please make sure that your demo is a PSP/minis game. To verify, please launch the game and hold the PS button for a while. Then a quick menu should come up with the Settings
option, where you can set bilinear filter, etc. If this option is not there, you've likely downloaded the wrong game. For help, please consider watching some youtube tutorials and see how a PSP game should look like.
Download and install qcma and psvimgtools.
Start qcma and within the qcma settings set the option Use this version for updates
to FW 0.00 (Always up-to-date)
to spoof the System Software check.
Launch Content Manager on your PS Vita and connect it to your computer, where you then need to select PS Vita System -> PC
, and after that you select Applications
. Finally select PSP™/Other
and click on the game that you want to turn into the Trinity exploit. If you see an error message about System Software, you should simply reboot your device to solve it (if this doesn't solve, then put your device into airplane mode and reboot). If this does still not work, then alternatively set DNS to 212.47.229.76
to block updates.
Transfer the game over to your computer by clicking on Copy
on your PS Vita. After copying, you go to the folder /Documents/PS Vita/PGAME/xxxxxxxxxxxxxxxx/YYYYZZZZZ
on your computer, where xxxxxxxxxxxxxxxx
is some string corresponding to your account ID and YYYYZZZZZ
is the title id of the game that you've just copied over. You can look at the image at YYYYZZZZZ/sce_sys/icon0.png
to verify that it is indeed your chosen game. Furthermore, the YYYYZZZZZ
folder should contain these folders: game
, license
and sce_sys
.
Before you attempt to modify the backup, you should make a copy of it. Just copy YYYYZZZZZ
somewhere else, such that if you fail to follow the instructions, you can copy it back and retry.
Insert the xxxxxxxxxxxxxxxx
string here. If the AID is valid, it will yield a key that you can now use to decrypt/re-encrypt your game.
Decrypt the game backup by executing the following command in your command line/terminal (make sure you're in the right working directory. On Windows you can open the terminal in the current working directory by typing in cmd
in the path bar of the file explorer. Also, if you haven't installed psvimgtools yet, then just place them in the YYYYZZZZZ
folder):
psvimg-extract -K YOUR_KEY game/game.psvimg game_dec
If done correctly, you should see an output like this:
creating file ux0:pspemu/temp/game/PSP/GAME/YYYYZZZZZ/EBOOT.PBP (x bytes)...
creating file ux0:pspemu/temp/game/PSP/GAME/YYYYZZZZZ/__sce_ebootpbp (x bytes)...
all done.
Download Trinity and copy the PBOOT.PBP
file to game_dec/ux0_pspemu_temp_game_PSP_GAME_YYYYZZZZZ/PBOOT.PBP
(the files EBOOT.PBP
, __sce_ebootpbp
and VITA_PATH.txt
should exist in this folder). If PBOOT.PBP
does already exist there, just overwrite it.
Now re-encrypt the backup similar to above by typing this in your command line/terminal:
psvimg-create -n game -K YOUR_KEY game_dec game
If done correctly, you should see an output like this:
adding files for ux0:pspemu/temp/game/PSP/GAME/YYYYZZZZZ
packing file ux0:pspemu/temp/game/PSP/GAME/YYYYZZZZZ/EBOOT.PBP (x bytes)...
packing file ux0:pspemu/temp/game/PSP/GAME/YYYYZZZZZ/PBOOT.PBP (x bytes)...
packing file ux0:pspemu/temp/game/PSP/GAME/YYYYZZZZZ/__sce_ebootpbp (x bytes)...
created game/game.psvimg (size: x, content size: x)
created game/game.psvmd
Remove the game_dec
folder (and PSVimg tools if copied here) and select Refresh database
in qcma settings.
Now you need to copy back the modified backup to your PS Vita: Launch Content Manager on your PS Vita and connect it to your computer (if it's already open, just go back to the first menu), where you then need to select PC -> PS Vita System
, and after that you select Applications
. Finally select PSP™/Other
and click on the modified game. Perform the copy operation and exit Content Manager.
In the livearea, the game should now have a different icon and should now be called Trinity (eventually you have to rebuild the database in recovery mode to make the bubble change its look). If not, please re-read the instructions more carefully and begin from fresh.
Turn on Wi-Fi, then reboot your device and straightly launch Trinity. Do not do anything else, otherwise the exploit will be less reliable. It is very important that you do not have any running downloads in background.
Enjoy the exploitation process and wait until it launches the Construct. If the exploit fails, simply rerun Trinity.
Within the Construct, select Download VitaShell
, then Install HENkaku
and finally Exit
.
Congratulations, your device is now able to run homebrews. It is highly suggested that you downgrade your device to either firmware 3.60 or 3.65/3.67/3.68 using modoru. On 3.60, you can use HENkaku and on 3.65/3.67/3.68 you can use h-encore. If you don't downgrade your device now, you may lose the ability to launch Trinity later and therefore not be able to hack your device anymore.
[TURN ON WI-FI TO USE THIS EXPLOIT].
" - Just hold the PS button and turn on Wi-Fi in the quickmenu.[EXPLOIT FAILED: 0x800200CB].
" - This can sometimes happen. Just rerun the exploit.HENkaku Settings
, then select Enable unsafe homebrews
. This will grant you full permission in VitaShell.If you like my work and want to support future projects, you can make a donation:
Thank you!